使用Cakephp和PhoneGap进行身份验证
我正在开发一个应用程序,在服务器端使用Cakephp,在客户端使用PhoneGap,使用JSON作为访问服务器端的中介 现在,我正在专门开发一个登录表单,用户需要输入用户名和密码。我在我的使用Cakephp和PhoneGap进行身份验证,php,json,cordova,cakephp,encryption,Php,Json,Cordova,Cakephp,Encryption,我正在开发一个应用程序,在服务器端使用Cakephp,在客户端使用PhoneGap,使用JSON作为访问服务器端的中介 现在,我正在专门开发一个登录表单,用户需要输入用户名和密码。我在我的控制器中放入以下内容: public function api_login() { header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Headers: Authorization"); if
控制器中放入以下内容:
public function api_login() {
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: Authorization");
if ($this->request->data && isset($this->request->data['username']) && isset($this->request->data['password'])) {
$arrUser = $this->User->find('all',array(
'conditions'=>array(
'username'=> $this->request->data['username'],
'password' => $this->request->data['password']
)
));
if (count($arrUser) > 0 ) {
$this->Session->write('Auth.User',$arrUser[0]['User']);
$arrReturn['status'] = 'SUCCESS';
$arrReturn['data'] = array('loginSuccess' => 1,'user_id' => $arrUser[0]['User']['id'] );
}
else {
$arrReturn['status'] = 'NOTLOGGEDIN';
$arrReturn['data'] = array( 'loginSuccess' => 0 );
}
} else {
$arrReturn['status'] = 'NOTLOGGEDIN';
$arrReturn['data'] = array( 'loginSuccess' => 0 );
}
echo json_encode($arrReturn);
}
在客户端,我检索JSON编码的内容,如下所示:
<script>
$(document).ready(function(){
$('form').on('submit',function(e){
e.preventDefault();
$username = $("#form-username").val();
$password = $("#form-password").val();
$.ajax({
url : "http://localhost/teslaphonegap_cakephp/" + 'login.json',
cache : false,
data : {
'username' : $username,
'password' : $password },
dataType : 'json',
type : 'POST',
success : function(result) {
if(result.status=="SUCCESS"){
alert("success");
console.log(result);
}else{
alert("username or pass are wrong");
console.log(result);
} },
error : function(xhr, status, err) {
alert("ERROR");
}
});
});
});
</script>
if ($this->request->data && isset($this->request->data['username']) && isset($this->request->data['password'])) {
$arrUser = $this->User->find('first',array(
'conditions'=>array(
'username'=> $this->request->data['username'],
)
));
if ($this->request->data['password'] == $arrUser['User']['password']) {
$this->Session->write('Auth.User',$arrUser['User']);
$arrReturn['status'] = 'SUCCESS';
$arrReturn['data'] = array('loginSuccess' => 1,'user_id' => $arrUser['User']['id'] );
//rest of your code
现在,当我尝试登录时,它总是返回错误消息,因为它将一个未清除的值与数据库中已散列的其他值进行比较。我如何解决这个问题?我使用了afterFind()
,但它不起作用:
public function afterFind($results, $primary = false) {
foreach ($results as $key => $val) {
if(isset($val['User']['password'])){
$results['User']['password'] = Security::decrypt($val['User']['password'], Configure::read('Security.cipherCriptKey'));
}
return $results;
}
}
--编辑
在我的core.php
中,我使用了以下内容:
Configure::write('Security.cipherCriptKey','su0HKssPmdbwgK6LdQLqzp0Y7zOmyaTI');
首先,您的afterFind()
回调无法按预期工作
线路
$results['User']['password'] = Security::decrypt($val['User']['password'], Configure::read('Security.cipherCriptKey'));
应写为
$results[$key]['User']['password'] = Security::decrypt($val['User']['password'], Configure::read('Security.cipherCriptKey'));
然而,改变这一点并不能解决您的问题。如果在数据库中搜索密码与$this->request->data['password']
匹配的记录,则不会返回任何结果。注意,数据库中的密码是散列的
您必须从表users
中获取与$this->request->data['username']
匹配的记录,解密字段password
的值,并将其与$this->request->data['password']
进行比较
afterFind()
已经负责解密,因此您的代码可以按如下方式编写:
<script>
$(document).ready(function(){
$('form').on('submit',function(e){
e.preventDefault();
$username = $("#form-username").val();
$password = $("#form-password").val();
$.ajax({
url : "http://localhost/teslaphonegap_cakephp/" + 'login.json',
cache : false,
data : {
'username' : $username,
'password' : $password },
dataType : 'json',
type : 'POST',
success : function(result) {
if(result.status=="SUCCESS"){
alert("success");
console.log(result);
}else{
alert("username or pass are wrong");
console.log(result);
} },
error : function(xhr, status, err) {
alert("ERROR");
}
});
});
});
</script>
if ($this->request->data && isset($this->request->data['username']) && isset($this->request->data['password'])) {
$arrUser = $this->User->find('first',array(
'conditions'=>array(
'username'=> $this->request->data['username'],
)
));
if ($this->request->data['password'] == $arrUser['User']['password']) {
$this->Session->write('Auth.User',$arrUser['User']);
$arrReturn['status'] = 'SUCCESS';
$arrReturn['data'] = array('loginSuccess' => 1,'user_id' => $arrUser['User']['id'] );
//rest of your code
您是否能够在客户端成功破译用户名密码?你用什么做密码?我不明白你的第一个问题。为什么我要在客户端破译密码?我编辑了这篇文章。我添加了如何定义密码密钥。